Re: Scoring base64 blob messages

2006-10-27 Thread Theo Van Dinter
On Fri, Oct 27, 2006 at 05:24:58PM -0400, Peter H. Lemieux wrote:
> >Well, there isn't "a" SA corpus, so there's no answer to that question.
>
> Ah, I hadn't read this page before:
> http://wiki.apache.org/spamassassin/HandClassifiedCorpora
> My recollection was that 2.x used a centrally-def

Re: Scoring base64 blob messages

2006-10-27 Thread Peter H. Lemieux
Theo Van Dinter wrote: On Thu, Oct 26, 2006 at 12:19:23PM -0400, Peter H. Lemieux wrote: No, because there are going to be a lot of mails that would hit that. Really? Maybe it's because I live in the US, but I can't think of a legitimate message I've ever received consisting only of a base64 b

Re: Scoring base64 blob messages

2006-10-27 Thread Theo Van Dinter
On Fri, Oct 27, 2006 at 11:44:48AM -0400, Daryl C. W. O'Shea wrote:
> Ticketmaster sends out *a lot* of their mail this way. I'm sure it's
> partly in an attempt to avoid having their mail FP against crappy filters.

I'd also imagine that sometimes it's just easier to do this than try to pay atte

Re: Scoring base64 blob messages

2006-10-27 Thread Daryl C. W. O'Shea
Peter H. Lemieux wrote: Theo Van Dinter wrote: On Thu, Oct 26, 2006 at 09:46:28AM -0400, Peter H. Lemieux wrote: Also is there an SA rule that scores messages that contain only a single base64 part (as opposed to a base64-encoded attachment)? I doubt many legitimate messages arrive with onl

Re: Scoring base64 blob messages

2006-10-27 Thread Stuart Johnston
Peter H. Lemieux wrote: Theo Van Dinter wrote: On Thu, Oct 26, 2006 at 09:46:28AM -0400, Peter H. Lemieux wrote: Also is there an SA rule that scores messages that contain only a single base64 part (as opposed to a base64-encoded attachment)? I doubt many legitimate messages arrive with only

Re: Scoring base64 blob messages

2006-10-27 Thread Theo Van Dinter
On Thu, Oct 26, 2006 at 12:19:23PM -0400, Peter H. Lemieux wrote:
> >No, because there are going to be a lot of mails that would hit that.
>
> Really? Maybe it's because I live in the US, but I can't think of a
> legitimate message I've ever received consisting only of a base64 blob.

You look

Re: Scoring base64 blob messages

2006-10-26 Thread Peter H. Lemieux
[EMAIL PROTECTED] wrote: Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: base64 Probably a message in base64 that does not contain any single 8bit code should be considered as an attempt to hide the message from scanners That's a good idea, Wolfgang. The mess

Re: Scoring base64 blob messages

2006-10-26 Thread Peter H. Lemieux
Theo Van Dinter wrote: On Thu, Oct 26, 2006 at 09:46:28AM -0400, Peter H. Lemieux wrote: Does SA convert the blob into text before scanning? It contains a number of drug-related words and a URI that points to "pharmconnect.org". Yes. I was pretty sure this was the case but wanted to confirm

Re: Scoring base64 blob messages

2006-10-26 Thread hamann . w
>> I received a spam today where the text was only a base64-encoded blob.
>>
>> Content-Type: text/html;
>> charset="us-ascii"
>> Content-Transfer-Encoding: base64
>> Subject: feel young and strong again
>>
>> PGh0bWw+DQpTdG9wIG92ZXJwYXlpbmcgZm9yIHlvdXIgcHJlc2NyaXB0aW9uIG1lZGljYXRpb25z
>>

Re: Scoring base64 blob messages

2006-10-26 Thread Theo Van Dinter
On Thu, Oct 26, 2006 at 09:46:28AM -0400, Peter H. Lemieux wrote:
> Does SA convert the blob into text before scanning? It contains a number
> of drug-related words and a URI that points to "pharmconnect.org".

Yes.

> Also is there an SA rule that scores messages that contain only a single
> ba

Re: Scoring base64 blob messages

2006-10-26 Thread Matt Kettler
Peter H. Lemieux wrote:
> I received a spam today where the text was only a base64-encoded blob.
>
> Content-Type: text/html;
> charset="us-ascii"
> Content-Transfer-Encoding: base64
> Subject: feel young and strong again
>
> PGh0bWw+DQpTdG9wIG92ZXJwYXlpbmcgZm9yIHlvdXIgcHJlc2NyaXB0aW9uIG1lZGljY